Symantec AntiVirus Scan Engine Web Service Administrative Interface Buffer Overflow

Critical Nessus Plugin ID 67229


The remote host has software installed that is affected by a buffer overflow vulnerability.


The remote host has a version of Symantec AntiVirus Scan Engine installed that is affected by a buffer overflow vulnerability in the web-based administrative interface. By sending a specially crafted request, a remote attacker may be able to execute arbitrary code.


Upgrade to Symantec AntiVirus Scan Engine 4.3.12 or later.

See Also

Plugin Details

Severity: Critical

ID: 67229

File Name: symantec_scan_engine_sym05_017.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2013/07/10

Modified: 2015/01/15

Dependencies: 31857

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:W/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:antivirus_scan_engine

Required KB Items: SMB/symantec_scan_engine/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2005/10/04

Vulnerability Publication Date: 2005/10/04

Reference Information

CVE: CVE-2005-2758

BID: 15001

OSVDB: 19854